ubuntu ssh tor torsocks

Torify/torsocks ssh only working from device itself, and not from other devices


While setting up ssh over tor I determined that the ssh only works from the device I try to access (deviceA), but not from another device (deviceB).

I got a fresh install of Ubuntu Server 20.04 LTS, verified it was connected to the internet through wifi, completed the sudo apt update and upgrade commands successfully, rebooted successfully, and ran: sudo apt install tor. Next, I ran

sudo nano /etc/tor/torrc

and included:

HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22

(so not HiddenServicePort 22 127.0.0.1:22)

Next, I restarted the tor service using:

sudo systemctl restart tor

This was followed by getting the onion domain of the ssh server with:

sudo cat /var/lib/tor/other_hidden_service/hostname

which returned someoniondomain.onion.

The next step was to ssh into deviceA from deviceB, so I copied, using a usb drive to prevent manual typos, the onion address for the ssh service to deviceB. On this deviceB I ran:

sudo apt install tor
sudo apt install torify
torify ssh ubuntu@someoniondomain.onion

Where ubuntu is the username of deviceA. This torify command returned:

333333333 PERROR torsocks[28775]: socks5 libc connect: Connection refused (in socks5_connect() at socks5.c:202)
ssh: connect to host someoniondomaion.onion port 22: Connection refused

So I also ran sudo systemctl restart tor on deviceB in case that was not set up by torify, yet with the same output.

However, when I run the same command from deviceA itself, it successfully ssh's into itself, as indicated by the output:

The authenticity of host 'someoniondomain.onion (127.42.42.0)' can't be established.
ECDSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Notes

I did not change the /etc/tor/torsocks.conf file, meaning it contains:

TorAddress 127.0.0.1
TorPort 9050

OnionAddrRange 127.42.42.0

My current guess is that the issue might be related to the OnionAddrRange 127.42.42.0 line as deviceA and deviceB are on the same network, which might somehow cause an issue.

Question

How can I ensure I am also able to ssh into deviceA over tor from deviceB?


Solution

  • The essence of the issue was the assumption that torify sets up a tor connection, which it did not by itself. Furthermore, running:

    sudo systemctl restart tor
    

    is insufficient on deviceB to be able to ssh via tor. It appears one also has to start tor explicitly, as after running the following command on deviceB, it worked:

    sudo tor
    

    It is essential to verify the output of the command in this answer:

    curl --socks5 localhost:9050 --socks5-hostname localhost:9050 -s https://check.torproject.org/ | cat | grep -m 1 Congratulations | xargs
    

    is Congratulations on both devices, to verify they are both connected to tor.
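
The `socks5 libc connect: Connection refused` line in the question is logged by torsocks when its connection to the local TorAddress:TorPort is refused, so the failure sits on deviceB rather than at the onion service. The shell sketch below is an added example, not part of the original question or answer; the function names are hypothetical and the config text and `ss -ltn` output are constructed samples.

```shell
# Added example: names are hypothetical, sample data below is constructed.

# Print "address port" from torsocks.conf text on stdin (page defaults if unset).
socks_endpoint() {
    awk 'BEGIN { addr = "127.0.0.1"; port = "9050" }
         $1 == "TorAddress" { addr = $2 }
         $1 == "TorPort"    { port = $2 }
         END { print addr, port }'
}

# Succeed if `ss -ltn` output on stdin shows a TCP listener on $1:$2.
listening_on() {
    awk -v want="$1:$2" '$1 == "LISTEN" && $4 == want { found = 1 }
                         END { exit (found ? 0 : 1) }'
}

# torsocks logs this string when connect() to its SOCKS proxy is refused,
# so the failure is on the client, before the onion service is contacted.
classify_error() {
    case "$1" in
        *"socks5 libc connect: Connection refused"*) echo "local-socks-proxy" ;;
        *) echo "other" ;;
    esac
}

# $1 = torsocks.conf text, $2 = `ss -ltn` text, $3 = error line from torify
diagnose() {
    endpoint=$(printf '%s\n' "$1" | socks_endpoint)
    addr=${endpoint% *}; port=${endpoint#* }
    if printf '%s\n' "$2" | listening_on "$addr" "$port"; then
        echo "tor SOCKS listener present on $addr:$port"
    elif [ "$(classify_error "$3")" = "local-socks-proxy" ]; then
        echo "no listener on $addr:$port: tor SOCKS port is not up on this client"
    else
        echo "no listener on $addr:$port"
    fi
}

# Constructed samples modelled on the question (deviceB before and after tor starts).
CONF='TorAddress 127.0.0.1
TorPort 9050'
ERR='PERROR torsocks[28775]: socks5 libc connect: Connection refused (in socks5_connect() at socks5.c:202)'
SS_DOWN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SS_UP="$SS_DOWN
LISTEN 0      4096   127.0.0.1:9050     0.0.0.0:*"

diagnose "$CONF" "$SS_DOWN" "$ERR"
diagnose "$CONF" "$SS_UP" "$ERR"
```

On a live client, pass real data instead of the samples: `diagnose "$(cat /etc/tor/torsocks.conf)" "$(ss -ltn)" "<error line from torify>"`.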